test(shortint): add compression atomic pattern for noise checks

- noise checks and pfail based on expected noise have been added
- compatible with KS PBS and KS32 PBS

Author: IceTDrinker

scripts/pfail_estimate.py

@@ -0,0 +1,42 @@
+import scipy.stats as stats
+from scipy.special import erfcinv, erfc
+import math
+
+# utilities
+t = 1 / (2 ** (4 + 2))  # noise bound
+standard_score = lambda p_fail: math.sqrt(2) * erfcinv(p_fail)  # standard score
+
+pfail = lambda z: erfc(z / math.sqrt(2))
+
+# Noise squashing after compression
+# measured_variance = 7.598561171474912e-35
+# variance_after_flood = measured_variance * (2**40 * 100) ** 2
+
+# measured_std_dev = math.sqrt(variance_after_flood)
+
+# New params GPU before MS 128
+# measured_variance = 1.438540449823688e-6
+# Rerand noise
+# measured_variance = 1.4064222454361346e-6
+# measured_variance = 1.408401059719539e-6
+
+# measured_variance = 1.4120971218065554e-6 #KS32
+measured_variance = 1.4150031500067098e-6
+measured_std_dev = math.sqrt(measured_variance)
+
+measured_std_score = t / measured_std_dev
+
+estimated_pfail = pfail(measured_std_score)
+
+print(estimated_pfail, math.log2(estimated_pfail))
+
+
+# Compression encoding for 2_2
+t_compression = 1 / (2 ** (2 + 2))
+measured_variance = 1.0216297411906617e-5
+measured_std_dev = math.sqrt(measured_variance)
+
+measured_std_score = t_compression / measured_std_dev
+
+estimated_pfail = pfail(measured_std_score)
+print(estimated_pfail, math.log2(estimated_pfail))

tfhe/src/core_crypto/algorithms/modulus_switch.rs

@@ -106,6 +106,7 @@ use crate::core_crypto::commons::noise_formulas::noise_simulation::traits::{
     AllocateCenteredBinaryShiftedStandardModSwitchResult, AllocateStandardModSwitchResult,
     CenteredBinaryShiftedStandardModSwitch, StandardModSwitch,
 };
+use crate::core_crypto::entities::glwe_ciphertext::{GlweCiphertext, GlweCiphertextOwned};
 
 impl<Scalar: UnsignedInteger, C: Container<Element = Scalar>> AllocateStandardModSwitchResult
     for LweCiphertext<C>
@@ -206,6 +207,58 @@ impl<
     }
 }
 
+impl<Scalar: UnsignedInteger, C: Container<Element = Scalar>> AllocateStandardModSwitchResult
+    for GlweCiphertext<C>
+{
+    type Output = GlweCiphertextOwned<Scalar>;
+    type SideResources = ();
+
+    fn allocate_standard_mod_switch_result(
+        &self,
+        _side_resources: &mut Self::SideResources,
+    ) -> Self::Output {
+        // We will mod switch but we keep the current modulus as the noise is interesting in the
+        // context of the input modulus
+        Self::Output::new(
+            Scalar::ZERO,
+            self.glwe_size(),
+            self.polynomial_size(),
+            self.ciphertext_modulus(),
+        )
+    }
+}
+
+impl<
+        Scalar: UnsignedInteger,
+        InputCont: Container<Element = Scalar>,
+        OutputCont: ContainerMut<Element = Scalar>,
+    > StandardModSwitch<GlweCiphertext<OutputCont>> for GlweCiphertext<InputCont>
+{
+    type SideResources = ();
+
+    fn standard_mod_switch(
+        &self,
+        output_modulus_log: CiphertextModulusLog,
+        output: &mut GlweCiphertext<OutputCont>,
+        _side_resources: &mut Self::SideResources,
+    ) {
+        assert!(self
+            .ciphertext_modulus()
+            .is_compatible_with_native_modulus());
+        assert_eq!(self.glwe_size(), output.glwe_size());
+        assert_eq!(self.polynomial_size(), output.polynomial_size());
+        // Mod switched but the noise is to be interpreted with respect to the input modulus, as
+        // strictly the operation adding the noise is the rounding under the original modulus
+        assert_eq!(self.ciphertext_modulus(), output.ciphertext_modulus());
+
+        for (inp, out) in self.as_ref().iter().zip(output.as_mut().iter_mut()) {
+            let msed = modulus_switch(*inp, output_modulus_log);
+            // Shift in MSBs to match the power of 2 encoding in core
+            *out = msed << (Scalar::BITS - output_modulus_log.0);
+        }
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

tfhe/src/core_crypto/commons/noise_formulas/noise_simulation/lwe_packing_keyswitch.rs

@@ -8,11 +8,11 @@ use crate::core_crypto::commons::noise_formulas::noise_simulation::traits::{
 };
 use crate::core_crypto::commons::noise_formulas::noise_simulation::{
     NoiseSimulationGlwe, NoiseSimulationLwe, NoiseSimulationModulus,
+    NoiseSimulationNoiseDistribution, NoiseSimulationNoiseDistributionKind,
 };
 use crate::core_crypto::commons::numeric::UnsignedInteger;
 use crate::core_crypto::commons::parameters::{
-    DecompositionBaseLog, DecompositionLevelCount, DynamicDistribution, GlweSize, LweDimension,
-    PolynomialSize,
+    DecompositionBaseLog, DecompositionLevelCount, GlweDimension, LweDimension, PolynomialSize,
 };
 use crate::core_crypto::commons::traits::container::Container;
 use crate::core_crypto::entities::lwe_packing_keyswitch_key::LwePackingKeyswitchKey;
@@ -22,9 +22,9 @@ pub struct NoiseSimulationLwePackingKeyswitchKey {
     input_lwe_dimension: LweDimension,
     decomp_base_log: DecompositionBaseLog,
     decomp_level_count: DecompositionLevelCount,
-    output_glwe_size: GlweSize,
+    output_glwe_dimension: GlweDimension,
     output_polynomial_size: PolynomialSize,
-    noise_distribution: DynamicDistribution<u128>,
+    noise_distribution: NoiseSimulationNoiseDistribution,
     modulus: NoiseSimulationModulus,
 }
 
@@ -33,16 +33,16 @@ impl NoiseSimulationLwePackingKeyswitchKey {
         input_lwe_dimension: LweDimension,
         decomp_base_log: DecompositionBaseLog,
         decomp_level_count: DecompositionLevelCount,
-        output_glwe_size: GlweSize,
+        output_glwe_dimension: GlweDimension,
         output_polynomial_size: PolynomialSize,
-        noise_distribution: DynamicDistribution<u128>,
+        noise_distribution: NoiseSimulationNoiseDistribution,
         modulus: NoiseSimulationModulus,
     ) -> Self {
         Self {
             input_lwe_dimension,
             decomp_base_log,
             decomp_level_count,
-            output_glwe_size,
+            output_glwe_dimension,
             output_polynomial_size,
             noise_distribution,
             modulus,
@@ -57,7 +57,7 @@ impl NoiseSimulationLwePackingKeyswitchKey {
             input_lwe_dimension,
             decomp_base_log,
             decomp_level_count,
-            output_glwe_size,
+            output_glwe_dimension,
             output_polynomial_size,
             noise_distribution: _,
             modulus,
@@ -66,15 +66,15 @@ impl NoiseSimulationLwePackingKeyswitchKey {
         let pksk_input_lwe_dimension = pksk.input_key_lwe_dimension();
         let pksk_decomp_base_log = pksk.decomposition_base_log();
         let pksk_decomp_level_count = pksk.decomposition_level_count();
-        let pksk_output_glwe_size = pksk.output_glwe_size();
+        let pksk_output_glwe_dimension = pksk.output_key_glwe_dimension();
         let pksk_output_polynomial_size = pksk.output_key_polynomial_size();
         let pksk_modulus =
             NoiseSimulationModulus::from_ciphertext_modulus(pksk.ciphertext_modulus());
 
         input_lwe_dimension == pksk_input_lwe_dimension
             && decomp_base_log == pksk_decomp_base_log
             && decomp_level_count == pksk_decomp_level_count
-            && output_glwe_size == pksk_output_glwe_size
+            && output_glwe_dimension == pksk_output_glwe_dimension
             && output_polynomial_size == pksk_output_polynomial_size
             && modulus == pksk_modulus
     }
@@ -91,15 +91,15 @@ impl NoiseSimulationLwePackingKeyswitchKey {
         self.decomp_level_count
     }
 
-    pub fn output_glwe_size(&self) -> GlweSize {
-        self.output_glwe_size
+    pub fn output_glwe_dimension(&self) -> GlweDimension {
+        self.output_glwe_dimension
     }
 
     pub fn output_polynomial_size(&self) -> PolynomialSize {
         self.output_polynomial_size
     }
 
-    pub fn noise_distribution(&self) -> DynamicDistribution<u128> {
+    pub fn noise_distribution(&self) -> NoiseSimulationNoiseDistribution {
         self.noise_distribution
     }
 
@@ -117,7 +117,7 @@ impl AllocateLwePackingKeyswitchResult for NoiseSimulationLwePackingKeyswitchKey
         _side_resources: &mut Self::SideResources,
     ) -> Self::Output {
         Self::Output::new(
-            self.output_glwe_size().to_glwe_dimension(),
+            self.output_glwe_dimension(),
             self.output_polynomial_size(),
             Variance(f64::NAN),
             self.modulus,
@@ -137,43 +137,44 @@ impl LwePackingKeyswitch<[&NoiseSimulationLwe], NoiseSimulationGlwe>
         _side_resources: &mut Self::SideResources,
     ) {
         let mut input_iter = input.iter();
-        let input = input_iter.next().unwrap();
+        let first_input = input_iter.next().unwrap();
 
-        let mut lwe_to_pack = 1;
+        // Check first input is compatible with us
+        assert_eq!(first_input.lwe_dimension(), self.input_lwe_dimension());
+        // Check all inputs are the same as first input
+        assert!(input_iter.all(|x| x == first_input));
 
-        assert!(input_iter.inspect(|_| lwe_to_pack += 1).all(|x| x == input));
+        let lwe_to_pack = input.len() as f64;
 
-        assert_eq!(input.lwe_dimension(), self.input_lwe_dimension());
-
-        let packing_ks_additive_var = match self.noise_distribution() {
-            DynamicDistribution::Gaussian(_) => {
+        let packing_ks_additive_var = match self.noise_distribution().kind() {
+            NoiseSimulationNoiseDistributionKind::Gaussian => {
                 packing_keyswitch_additive_variance_132_bits_security_gaussian(
                     self.input_lwe_dimension(),
-                    self.output_glwe_size().to_glwe_dimension(),
+                    self.output_glwe_dimension(),
                     self.output_polynomial_size(),
                     self.decomp_base_log(),
                     self.decomp_level_count(),
-                    lwe_to_pack.into(),
+                    lwe_to_pack,
                     self.modulus().as_f64(),
                 )
             }
-            DynamicDistribution::TUniform(_) => {
+            NoiseSimulationNoiseDistributionKind::TUniform => {
                 packing_keyswitch_additive_variance_132_bits_security_tuniform(
                     self.input_lwe_dimension(),
-                    self.output_glwe_size().to_glwe_dimension(),
+                    self.output_glwe_dimension(),
                     self.output_polynomial_size(),
                     self.decomp_base_log(),
                     self.decomp_level_count(),
-                    lwe_to_pack.into(),
+                    lwe_to_pack,
                     self.modulus().as_f64(),
                 )
             }
         };
 
         *output = NoiseSimulationGlwe::new(
-            self.output_glwe_size().to_glwe_dimension(),
+            self.output_glwe_dimension(),
             self.output_polynomial_size(),
-            Variance(input.variance().0 + packing_ks_additive_var.0),
+            Variance(first_input.variance().0 + packing_ks_additive_var.0),
             self.modulus(),
         );
     }

tfhe/src/core_crypto/commons/noise_formulas/noise_simulation/mod.rs

@@ -13,13 +13,14 @@ pub use lwe_programmable_bootstrap::{
 
 use crate::core_crypto::commons::ciphertext_modulus::CiphertextModulus;
 use crate::core_crypto::commons::dispersion::Variance;
+use crate::core_crypto::commons::math::random::DynamicDistribution;
 use crate::core_crypto::commons::noise_formulas::noise_simulation::traits::{
     AllocateLweBootstrapResult, AllocateLweMultiBitBlindRotateResult, LweUncorrelatedAdd,
     LweUncorrelatedSub, ScalarMul, ScalarMulAssign,
 };
 use crate::core_crypto::commons::numeric::{CastInto, UnsignedInteger};
 use crate::core_crypto::commons::parameters::{
-    CiphertextModulusLog, GlweDimension, LweDimension, PolynomialSize,
+    CiphertextModulusLog, GlweDimension, GlweSize, LweDimension, PolynomialSize,
 };
 
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
@@ -71,6 +72,40 @@ impl NoiseSimulationModulus {
     }
 }
 
+#[derive(Clone, Copy, Debug, PartialEq)]
+pub enum NoiseSimulationNoiseDistribution {
+    U32(DynamicDistribution<u32>),
+    U64(DynamicDistribution<u64>),
+    U128(DynamicDistribution<u128>),
+}
+
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub enum NoiseSimulationNoiseDistributionKind {
+    Gaussian,
+    TUniform,
+}
+
+impl NoiseSimulationNoiseDistribution {
+    pub fn kind(&self) -> NoiseSimulationNoiseDistributionKind {
+        match self {
+            Self::U32(dynamic_distribution) => dynamic_distribution.into(),
+            Self::U64(dynamic_distribution) => dynamic_distribution.into(),
+            Self::U128(dynamic_distribution) => dynamic_distribution.into(),
+        }
+    }
+}
+
+impl<Scalar: UnsignedInteger> From<&DynamicDistribution<Scalar>>
+    for NoiseSimulationNoiseDistributionKind
+{
+    fn from(value: &DynamicDistribution<Scalar>) -> Self {
+        match value {
+            DynamicDistribution::Gaussian(_) => Self::Gaussian,
+            DynamicDistribution::TUniform(_) => Self::TUniform,
+        }
+    }
+}
+
 // Avoids fields to be public/accessible in the noise_simulation module to make sure all functions
 // use constructors
 mod simulation_ciphertexts {
@@ -211,6 +246,10 @@ mod simulation_ciphertexts {
             self.glwe_dimension
         }
 
+        pub fn glwe_size(&self) -> GlweSize {
+            self.glwe_dimension().to_glwe_size()
+        }
+
         pub fn polynomial_size(&self) -> PolynomialSize {
             self.polynomial_size
         }